Here’s a step-by-step guide on how to restore to an unsigned iOS firmware like iOS 11.1.2 which can be jailbroken. This guide has been written by Albanus Alain, one of our readers, who has successfully restored his iPhone 5s to iOS 11.1.2 and then back to iOS 11.0.3.
After releasing an iOS software update, Apple usually stops signing the older iOS firmware version in two weeks. Apple has used this strategy to keep jailbreakers at bay. It not only releases new software updates, that fixes the vulnerabilities used by the jailbreaks, it also stops signing the older iOS firmware file, which prevents users from downgrading back to the older iOS version that can be jailbroken. So the ability to upgrade or downgrade to an unsigned iOS firmware version can be very useful if you want to jailbreak your iPhone, iPad or iPod touch. So you could restore (essentially upgrade or downgrade) to iOS 11.1.2 which can be jailbroken using Electra jailbreak or LiberiOS jailbreak using this method.
This tutorial is not for the faint-hearted one and there’s a possibility that you may fail and be forced to restore into latest iOS, thus losing your chance of jailbreaking. So please proceed with caution and at your own risk. Read this tutorial thoroughly over and over again until you can make sense of these steps. Upgrading or downgrading unsigned iOS can only be done when you have correct SHSH blobs for your target iOS version and the signing window for public beta iOS is still open regardless the current signed released iOS. For this tutorial, I use iPhone 5s model and will refer to iOS 11.0.3 since this version doesn’t have the terrible gyroscope bug which is present in iOS 11.1.x. To increase your chance of success you should have already jailbroken your iOS device and have 10GB free hard disk space.
- Backup your iOS device. This process will erase everything on your device.
- As mentioned earlier, for this process, you need the SHSH2 blobs for the iOS version you want to downgrade. So if you want to restore to iOS 11.1.2, then you will need iOS 11.1.2 SHSH2 blob. If you have more than one .shsh2 files, you should pick one in folder named “noapnonce” which should be something named like “1234567890123_iPhone6,1_n51ap_11.0.3-15A432_a1bcdef234abc567d8e9f012345a6789b01234c5.shsh2”. You can save the SHSH blobs for an iOS version only if Apple is still signing the firmware. If you had saved the SHSH2 blobs but have lost the link, then you can check our post on how to save SHSH2 blobs to download them.
- For iOS 9.3.4 or 9.3.5 sideloaded PhoenixNonce.ipa from https://github.com/Siguza/PhoenixNonce/releases
- For iOS 10+ sideloaded NonceSet1112.ipa from https://github.com/julioverne/NonceSet112
- Download latest signed iOS .ipsw (as of this writing, iOS 11.2.6) for your iOS device model from here:
- Download your target iOS .ipsw for your iOS device model (ex. iOS 11.1.2)
- Download latest forked futurerestore from https://github.com/encounter/futurerestore/releases
How to Upgrade or Downgrade to Unsigned iOS Firmwares Using futurerestore
Step 1: Extract downloaded “futurerestore.zip” in a folder on your hard drive named futurerestore (for example C:\futurerestore\) and copy your target iOS .shsh2 blob there. Also, copy both iOS .ipsw file in this folder. To make it easy to type the command line later, you may rename the .shsh2 file to “my.shsh2”, iOS 11.0.3 .ipsw file to “restoreto.ipsw” and iOS 11.2.6 .ipsw file into “signed.ipsw”.
Step 2: Open your .shsh2 as text using Notepad and find your generator key string, something like 0xab12c34d5ef6ab7d
and type that string in PhoenixNonce app or NonceSet1112 appended with Set or enter. In this process your device may restart on its own—that’s normal. Restart your iOS device then open the app again after to make sure the value has been correctly written in your device—if the value hasn’t been shown yet, repeat this process. Sometimes the value has been correctly written but the app shows nothing. You may repeat then continue with the next steps.
Step 3: Connect your iOS device to your Windows PC, make sure iTunes is not running in the background and you have a good internet connection. Open Command Prompt then go to “C:\futurerestore\”. Assuming that all files are within the same folder, type the following command:
futurerestore -t my.shsh2 -i signed.ipsw restoreto.ipsw
if you haven’t changed the filenames, the command may look like this
futurerestore -t 1234567890123_iPhone6,1_n51ap_11.0.3-15A432_a1bcdef234abc567d8e9f012345a6789b01234c5.shsh2 –i iPhone_4.0_64bit_11.0.3_15A432_Restore.ipsw iPhone_4.0_64bit_11.2.5_15D60_Restore.ipsw
You will see a long verbose message after hitting Enter. Do not interrupt this process whatsoever until it’s done.
In this process, futurerestore may fail to put your iOS device into Recovery state. You may have to put your device into Recovery your own. Be aware that every time the device comes out of Recovery before the process finished, the generator key reset and you have to repeat step 1 – 3 again.
You can exit Recovery using the following command:
Wait and hopefully, nothing goes wrong during the process.
That’s it. This process should have helped you to successfully restore to an unsigned iOS firmware. You can then restore from the backup during the setup process.
Let us know how it goes in the comments below.
Special thanks to Albanus for providing the step-by-step guide. We hope you find it helpful.
Don’t forget to signup for our Daily Newsletter so you don’t miss such articles.